From owner-freebsd-ports Tue May 21 23:37:48 2002 Delivered-To: freebsd-ports@freebsd.org Received: from mail8.nc.rr.com (fe8.southeast.rr.com [24.93.67.55]) by hub.freebsd.org (Postfix) with ESMTP id 457CD37B409; Tue, 21 May 2002 23:37:31 -0700 (PDT) Received: from i8k.babbleon.org ([66.57.86.84]) by mail8.nc.rr.com with Microsoft SMTPSVC(5.5.1877.757.75); Wed, 22 May 2002 01:22:44 -0400 Received: by i8k.babbleon.org (Postfix, from userid 111) id D170EBB29; Wed, 22 May 2002 01:22:40 -0400 (EDT) Content-Type: text/plain; charset="iso-8859-1" From: Brian T.Schellenberger To: "Andrey A. Chernov" Subject: Re: My position on commiters guide 10.4.4 Date: Wed, 22 May 2002 01:22:40 -0400 X-Mailer: KMail [version 1.3] References: <20020522041150.GA92851@nagual.pp.ru> <20020522044853.92549BB29@i8k.babbleon.org> <20020522050301.GA93570@nagual.pp.ru> In-Reply-To: <20020522050301.GA93570@nagual.pp.ru> Cc: kris@obsecurity.org, ports@FreeBSD.ORG, portmgr@FreeBSD.ORG, core@FreeBSD.ORG MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020522052240.D170EBB29@i8k.babbleon.org> Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wednesday 22 May 2002 01:03 am, you wrote: | On Wed, May 22, 2002 at 00:48:52 -0400, Brian T.Schellenberger wrote: | > Really, ports that change without version number changes are a real pain | > to deal with, and a new port should be rolled up for them only if there | > is a very good reason (which the porter understands), which is all this | > rule seems to be saying. | | I want to especially note that when version number IS CHANGED, we exact in | the same situation, i.e. from security perspective all things from 10.4.4 | must be done, like complete diff, description of all changes, etc. I found | not logical to enforce that requirement when version number is not changed | and forget it when it is changed. Do the version number change bring any | safety? Of course not, hacker can just upload new version with changed | number. | | > So your position of simply not updating the port until the version number | > does change certainly seems reasonable to me. | > | > If there's somebody else who needs your port _so_ bad that he _must_ get | > it before the version number changes then *he* can do the ports and fill | > in all the necessary information. | > | > Am I missing something here? | | You are correct, but I don't think it is perfect solution, it is forced | soultion. I will be more happy if that illogical rule will be removed. I don't find the rule so illogical. Have you considered requesting the the person whose application you port update the version numbers (at least patch levels) when upgrading their code? It's just terribly confusing to have multiple different "versions" of the same package with the same version number. I think that this rule is probably mean precisely to try to avoid having that happen at least within the ports system by making it odious to create such a port so as to limit it to those ports where there really is a good reason to override the general rule. For one thing, without all the diffs listed in the doc, how can you even *tell* which version you have? Normally if you want to to see whether you have the "latest" version you just look at the version number. If the version number doesn't change but the contents *do* change, then you have to actually examine the files to figure out which "version" of the version you have. If this information is not documented in the port, how are you supposed to know? -- Brian T. Schellenberger . . . . . . . bts@wnt.sas.com (work) Brian, the man from Babble-On . . . . bts@babbleon.org (personal) http://www.babbleon.org http://www.eff.org http://www.programming-freedom.org If you smell the smoke you don't need to be told what you've got to do; Yet there's a certain breed, so very in-between, they'd rather take a vote. -- DEVO -- Here To Go To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message